Items tagged with data breach
The internet is a place where it's difficult to trust anything that anyone says. A recent case of more than a handful of VPN providers who claim to keep no logs of their user's activity, yet leaked activity logs, highlights that you can't trust anyone online. As it turns out, the seven VPN providers were logging user activity, and those logs have now leaked onto the internet. The first logs discovered were from a company called UFO VPN. UFO VPN had an unsecured Elasticsearch cluster that left the log files facing the public internet for anyone to discover. The logs were found by Bob Diachenko from a company called Comparitech. The records contained copious amounts of data on UFO VPN users, including...
Read more...
Nearly two years ago, OnePlus announced that it had experienced a security breach that resulted in the credit card details of roughly 40,000 customers being stolen. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit," wrote the company at the time. "All these measures will help us prevent such incidents from happening in the future." Now, OnePlus is reporting that it has experienced yet another security incident, and this time the company says that personal information from some of its users was accessed by an "unauthorized party". OnePlus is not naming this third-party company/vendor,...
Read more...
MoviePass members have reason to be concerned with the service. A security researcher from SpiderSilk named Mossab Hussein has announced that he found a major flaw in MoviePass servers. The flaw exposed a database that contained 161 million records and it is still growing in real-time. The researcher says the many of the messages in the database were routine computer-generated logging messages. However, many of the entries included sensitive user information like MoviePass customer card numbers. MoviePass customer cards are like debit cards and are issued by MasterCard. TechCrunch reports that it reviewed 1,000 entries from that log and a bit over half of them contained MoviePass customer...
Read more...
Hacks are happening all the time with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the cities systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The...
Read more...
It is time to unleash your inner Boba Fett. Facebook just announced a bounty program that will award people who uncover data abuses. The program offers up to $40,000 USD for substantiated cases. Facebook's chief security officer, Alex Stamos stated that the bounty program “Will help us find the cases of data abuse not tied to security vulnerability. ... This will cover both hemispheres, and help surface more cases like Cambridge Analytica so we can know about it first and take action.” Before you start counting your coin, it is important to note that the bounty program has very specific requirements. Facebook is looking for “any situation where data that was legitimately collected...
Read more...
Under Armor is a big name in the athletic clothing world. In addition to clothing, the company also has an app that is meant to allow people to track their food intake and nutrition to help get fit (and stay) fit. The app is very popular with users on iOS and Android, but it has suffered a major data breach. Under Armour has notified users that the MyFitnessPal app team became aware that an unauthorized third party had acquired data associated with user accounts for the app and website. That unauthorized access happened in late February 2018 and Under Armor states "The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the...
Read more...
Computer hackers accessed personally identifiable information and financial details belonging to around 1,400 University of Virginia workers as part of an email phishing scam, the University announced. An internal investigation determined that the culprits first accessed the stolen records in early November 2014 and continued to pluck private data up through early February 2015. The phishing emails were successful in tricking an untold number of recipients with access to the University's Human Resources system into coughing up their usernames and passwords. Once the hackers had the necessary login details, they were able to access W-2 forms of around 1,400 of the University's more than 20,000...
Read more...
T-Mobile CEO John Legere is ticked off and with good reason. Experian, which just so happens to process credit applications for T-Mobile, reported today that it was hit with a massive database breach. Experian describes the incident as an “unauthorized acquisition of information from a server” that contained “some personally identifiable information for approximately 15 million [T-Mobile] customers.” So what information were these “unauthorized” people able to obtain? Well according to Experian, personally identifiable information including names, date of birth, and social security numbers were obtained. Other identifiable information such as driver license numbers were also slurped up. Luckily,...
Read more...
The parade of banks, insurance companies and retailers that have suffered data breaches has caused many people to store their passwords with sites like LastPass. The security company creates a unique password for each of the user’s logins and provides access to those passwords via a single, master password.Now, LastPass is admitting that at least some of its data has been comprised. The company believes that its customers are not vulnerable, but it concedes that email addresses and authentication hashes are among the data affected. Password reminders and server per user salts were also comprised. “In our investigation, we have found no evidence that encrypted uer vault data was taken, nor that...
Read more...
After what's being described as a "massive data breach" at Global Payments, Visa has decided to part ways with the payment processor and try its luck elsewhere, Global Payments CEO Paul Garcia said, according to a report in the Associated Press. MasterCard, meanwhile, is either willing to give Global Payments the benefit of the doubt that this was a one-time snafu, or hasn't yet announced plans of its own to the ditch the payment processor. Garcia described the situation as being "absolutely contained" at this point, however as many as 1.5 million credit cards across the United States may have been affected. Compromised data includes credit card numbers, but not identifying information such as...
Read more...
As you head into the weekend getting ready to party and celebrate the end of another long and grueling work week, take some time to keep tabs on your MasterCard and Visa accounts. If you don't, you could be in for a rude awakening when you go to pay for drinks and find out that your card has been declined. At issue here is a what's being described as a "massive" data breach at a U.S.-based credit card processor, according to KrebsOnSecurity.com.Visa and MasterCard have both been sending out non-public alerts giving banks a heads up that specific cards -- possibly more than 10 million -- may have been compromised recently. Image Source: Flickr (philcampbell) A spokesman for MasterCard told The...
Read more...
Googling your own name might not be such a narcissistic activity after all; in fact, it just must save you from identity theft. At least that's what Kevin Andreyo, a Wilkes University professor, discovered when he used the "deep web" search engine, Pipl, to see what information about him might be publicly available on the Internet. What he found was a link to a document that not only included his Comcast user name and password, but the document also included what appeared to be the user names and passwords of over 8,000 other Comcast customers. Andreyo was inspired by the March 10, People Search Engines: They Know Your Dark Secrets... And Tell Anyone, PC World article, to do a little sleuthing...
Read more...
On what many Americans consider a day of change, here we go again with more of the same: a massive data breach involving Heartland Payment Systems, a credit card payment processor, that was announced on Tuesday. First, the good news: no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Neither was any check processing data. Now for the bad news: since they were alerted to suspicious activity by Visa and MasterCard, tens of millions of credit and debit card numbers or transactions may have been affected. Wonderful. In a press release Robert H.B. Baldwin, Jr., Heartland's president...
Read more...
It all started with a snipped on page A23 of Thursday’s Washington Post, which notified the public that the McCain-Palin campaign was going to sell off its used office inventory at low prices. Then, it turned into a high-tech slip-up in which the campaign headquarters accidentally sold an information-ridden BlackBerry to a Fox reporter. Although the sale didn’t look like much when reporter Tisha Thompson arrived at the sale, she did find BlackBerry smartphones going for just $20 apiece. All of the batteries had died, and there weren’t any chargers for sale, but Thompson bought a couple anyway.When she returned to the office and charged up one of the dead BlackBerries, Thompson found more...
Read more...
Earlier this week we reported on Scotland's Sunday Herald's claim that the Best Western hotel group was hit with the world's largest known data breach of eight million people's sensitive information, as well as Best Western's adamant denial. Even if the Sunday Herald story turns out to be true, the Best Western data breach would no longer hold the title of the world's largest known data breach. That record now goes to the Bank of New York (BNY) Mellon, which "lost" the sensitive information of 12.5 million customers. The BNY Mellon data breach itself is not new news. As documented in the Identity Theft Resource Center's ITRC Breach Report 2008, on February 27, 2008, BNY Mellon gave "an unencrypted...
Read more...
No matter how carefully you try to protect your personal and financial information, you are still at the mercy of those companies you choose to give your information too. Unfortunately, it looks like keeping your sensitive data secure is becoming increasingly difficult for some companies. According to the Identity Theft Resource Center (ITRC), 2008 is shaping up to be the year of the greatest number of reported identity-theft security breaches to date: "As of 9:30 a.m. August 22nd, the number of confirmed data breaches in 2008 stood at 449. The actual number of breaches is most likely higher, due to under-reporting and the fact that some of the breaches reported, which affect multiple businesses,...
Read more...
Certainly, there's no lack of accidental data breaches. Companies, even countries like the U.K. have accidentally exposed sensitive information about customers or citizens. But to do it deliberately? Whoa.There has been outrage in Italy after the outgoing government published every Italian's declared earnings and tax contributions on the internet.The tax authority's website was inundated by people curious to know how much their neighbours, celebrities or sports stars were making.The Italian treasury suspended the website after a formal complaint from the country's privacy watchdog.The information was put on the site with no warning for nearly 24 hours.The release of the information was one of...
Read more...
Monday the Massachusetts Bankers Association (MBA) issued a press release announcing a major data breach at what Visa and MasterCard said was an unnamed "major retailer." The details were far worse than the original news, though.A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches ever.The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in...
Read more...
It wasn’t that long ago that the loss of a laptop or hard disk containing sensitive information about consumers was big news. Sadly, it’s becoming much more common these days. In fact, it’s so common that U.K. Information Commissioner Richard Thomas and his staff have looked into some 6000 complaints. "The roll call of banks, retailers, government departments, public bodies and other organizations which have admitted serious security lapses is frankly horrifying," Richard Thomas wrote in a report. "How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store card transactions fall into the wrong hands?" The best leak...
Read more...
